Z wrote:I guess some of this stuff is general, some should be in bugs section and some other stuff in to do area. So, I'll simply put it here, with the announcment about these new features.

1. Confirmation message layout

Acception confirmation information should be in BEGINNING of message, not at the end.
If email is long, then it's very unclear to (busy) user what happened. Suggested form:

*Trashmail stuff here*

-- Sent message follows --

* Original sent message *

2. Feedback messages

IMHO! I wouldnt sent out those confirmation messages. I mean accepted or deleted at all. There is simply no point of doing that. And in some cases it might actually create a problem. If messages is ignored (expire or delete), then it is. If it's confirmed by recepient or send then it is. No need to send crap.

3. Reply masking

It seems that reply masking is broken when using whitelisting. So if I reply to message that came trough whitelisting then I can't reply to it using my trashmail.net address (using reply masking).

4. Confirmtion by email

I know lot of users that have access to email, but they don't have access to web. Due corporate restrictions or other reasons. Like using simple PDA email. If there could be some way to confirm messages using email only? I could suggest several methods, but I guess it's out of scope for this comment list.

5. Possible loop problem

I tried if you have a looping problem. Confirm, confirmation message by confirming confirmation message. You dont seem to be having this problem. I was already laughing that I'll crash the system. I have seen too many times "moronic" problems. But I'm very happy that you didnt have this problem.

I might know the reason. I ignore all non-session cookies. Do you use those? I changed some settings, no help. So I guess its not about this, there is some another reason. I think it's funny that login is 1 and auth is 1. I'll try to enter key information to url and see what happens. Nope, didnt help either.

Managing WL mail queue and addresses work for another account and wont work for another. So it doesn't have anything to do with web browser.

Afaik whitelisting works now very well.

7. Disable confirmation

Seems to be working as I expected. But in this case, should we create bounce or not? It seems that no bounce is being generated. My opinion is that in this special case there should be bounce message. So sender knows that message was rejected. So they can try another way contacting recipient.

Update: Bounce was generated, I didn't receive it in time due slow email systems.

8. Whitelist when sending

This should work, it's important. When I send email, rules allowing reply to be sent back without confirmation is important. Every message confirmation is exception. But this can create dead lock kind of situation like loop. Both are waiting for confirmation which is waiting for confirmation.

9. Confirmation message from address

That's though question too. I think it should be the recipient address instead of robot@trashmail.net. Think about that deadlock situation. And think about general email "street wise rules". I'll get email from some robot that asks me to confirm my email. Afaik, it would be much nicer to get it from the address that I sent my email to. Because then it would be immediately clear that it's about my email. Not about "confirming my email" for "some reason". Or do you now automaticly process any bounces to robot address? Fixing issue 1. might solve this. I guess you'll user robot address to prevent looping?

10. Black listing?
If there are problems, there might be requirement to add blacklisting which prevents from whitelisting. I guess there might be abuse cases where some user (sender) whitelists all messages even confirmation for every message is required. Then black listing would help.

End of summary

These are my first impressions, comments and thoughts.

You said...

I tried to eliminate a maximum of bugs!

- That's very nice...

I think this is good discussion opening... Lets hear other comments!

Here is my resume about your points:
1. Fixed.
2. Will for the moment stay, because user needs for the moment to know if he still needs to confirm the email that he would not worry about strange error on the site, because the site would not display for the moment an extra message that the messages has been already confirmed.
3. Fixed.
4. Added in the Todo list
5. Fixed: I found out a loop problem when forwarding from my local email account emails to my trashmail account by using TrashMail by accepting emails only with the X-TrashMail-Key field. Now request for confirmation emails are only sent once per sender email address in the queue.
6. Fixed: Accounts with digits in their names are now accepted.
7. Nothing to do: TrashMail responds immediately if emails are not accepted. Unfortunately other email server in the Internet are some times slow.
8. Added in the ToDo list
9. Emails to the robot are ignored by the systems (so they are lost). This is to prevent infinite loops and eliminate directly the need to handle the X-Loop field for lazy reasons to handle this. However its more beautiful with the real address. I have added this in the Todo list.
10. Hmm how do you protect by the user who change their From header? In this case I suppose it should also be possible to black list special message content and IP address?

Admin wrote:10. Hmm how do you protect by the user who change their From header? In this case I suppose it should also be possible to black list special message content and IP address?

Yep. As I mentioned, it's big hard to do. It was just an idea. But as you mention, it's kind of pointless. If sender is going trough effort of confirming every message he got plenty of other means to get around any blocking. One of easiest for average joe is to use several free webmail addresses etc.

Admin wrote:10. Hmm how do you protect by the user who change their From header? In this case I suppose it should also be possible to black list special message content and IP address?

Yep. As I mentioned, it's big hard to do. It was just an idea. But as you mention, it's kind of pointless. If sender is going trough effort of confirming every message he got plenty of other means to get around any blocking. One of easiest for average joe is to use several free webmail addresses etc.

AFAIK black listing is actually quite useless, when I tought it bit more. As you mentioned. There is always way to get around it. It's then better to use static whitelisting so users cant add addresses to list.

My opinion is that it is much more important that message seems to be coming from the recipient instead of robot@trashmail.net... When you think about those deadlock situations.

Z wrote:AFAIK black listing is actually quite useless, when I tought it bit more. As you mentioned. There is always way to get around it. It's then better to use statick whitelisting so users cant add addresses to list.

My opinion is that it is much more important that message seems to be coming from the recipient instead of robot@trashmail.net... When you think about those deadlock situations.

Excuse me - but I must be an idiot. I don't really understand what all this whitelisting drama is about. If you know which site is sending you spam, (via the assigned url for that trashmail address or the group/individual you've given it to), why not just delete that address and break contact ? You've got virtually unlimited addresses to play with. I don't use whitelist confirmation at all. This service isn't supposed to be a NORMAL email provider.

steve2017bus wrote:Excuse me - but I must be an idiot. I don't really understand what all this whitelisting drama is about. If you know which site is sending you spam, (via the assigned url for that trashmail address or the group/individual you've given it to), why not just delete that address and break contact ? You've got virtually unlimited addresses to play with. I don't use whitelist confirmation at all. This service isn't supposed to be a NORMAL email provider.

Sometimes when you give an address to someone, s/he pass it up to other contacts that YOU WANT to have your address.
Deleting the address means that you wave to notify every one of them.

steve2017bus wrote:Excuse me - but I must be an idiot. I don't really understand what all this whitelisting drama is about. If you know which site is sending you spam, (via the assigned url for that trashmail address or the group/individual you've given it to), why not just delete that address and break contact ? You've got virtually unlimited addresses to play with. I don't use whitelist confirmation at all. This service isn't supposed to be a NORMAL email provider.

It depends, in my case I have a complex setup which looks like so:
Real email address forwards ALL to one single TrashMail address which has the challenge response system enabled, then forwards back to my real email address.